My AV has blocked me twice while on the Support forum advising of a Rogue Scanner (type 1862). Just thought you ought to know. I happens immediately after opening posts (both of which were about keyboard control issues).
URL: xpavsfeelwin.com/index.php?xxxxxxxxxxxxxxxxxxxxxxxxxxxxx[obfuscated for safety]=
Name: Rogue Scanner (type 1862)
Rollback Post to RevisionRollBack
"Never try to teach a pig to sing. It wastes your time and annoys the pig." Lazarus Long
It was probably a PHP or javascript they put into their post to try and get viewers redirected to their fake AV site. Using Firefox with the NoScript addon can help prevent such hijacks from occurring. If you're using IE, CTRL+ALT+DEL and ending the browser task will usually prevent any harm being done. Usually the fake AV sites then rely on a user downloading and installing something, though some will also take advantage of browser, other software (Adobe Reader is commonly exploited) or OS vulnerabilities.
There's also a version of NoScript for Chrome.
Considering how popular Minecraft has become, it is not surprising that the forums are popular targets of cybercriminals (including spammers). Also be careful of Google Image searches. They are increasingly being poisoned in a similar manner, often from Wordpress blogs, which users don't always update and is easily exploited.
It was probably a PHP or javascript they put into their post to try and get viewers redirected to their fake AV site. Using Firefox with the NoScript addon can help prevent such hijacks from occurring. If you're using IE, CTRL+ALT+DEL and ending the browser task will usually prevent any harm being done. Usually the fake AV sites then rely on a user downloading and installing something, though some will also take advantage of browser, other software (Adobe Reader is commonly exploited) or OS vulnerabilities.
There's also a version of NoScript for Chrome.
Considering how popular Minecraft has become, it is not surprising that the forums are popular targets of cybercriminals (including spammers). Also be careful of Google Image searches. They are increasingly being poisoned in a similar manner, often from Wordpress blogs, which users don't always update and is easily exploited.
Awesome information. Thank you. I've got a bunch of security crap running but guess it won't hurt to slap another addon in the mix!
Rollback Post to RevisionRollBack
"Never try to teach a pig to sing. It wastes your time and annoys the pig." Lazarus Long
Did it talk about trojans that were downloaded with a "Remove All" popup? If so, it has been happening to me since Friday and citrussquid is looking into it.
Did it talk about trojans that were downloaded with a "Remove All" popup? If so, it has been happening to me since Friday and citrussquid is looking into it.
I didn't let it run very long once it popped up but it was one of those 'let me scan your computer so I can find a fake virus and charge you to remove it' kinda pieces of crap. I'm familiar with them.
Rollback Post to RevisionRollBack
"Never try to teach a pig to sing. It wastes your time and annoys the pig." Lazarus Long
I wish I'd taken the time to note the thread Subject and OP. As soon as I acknowledged my security alert and the offending code was removed the formatting in the text field of the post changed indicating to me that the crap was imbedded in the text. Next time I'll pause long enough to get the necessary data. AVG had me covered so I shouldn't have freaked.
Rollback Post to RevisionRollBack
"Never try to teach a pig to sing. It wastes your time and annoys the pig." Lazarus Long
URL: xpavsfeelwin.com/index.php?xxxxxxxxxxxxxxxxxxxxxxxxxxxxx[obfuscated for safety]=
Name: Rogue Scanner (type 1862)
There's also a version of NoScript for Chrome.
Considering how popular Minecraft has become, it is not surprising that the forums are popular targets of cybercriminals (including spammers). Also be careful of Google Image searches. They are increasingly being poisoned in a similar manner, often from Wordpress blogs, which users don't always update and is easily exploited.
Awesome information. Thank you. I've got a bunch of security crap running but guess it won't hurt to slap another addon in the mix!
Me? I'm running AVG.
I didn't let it run very long once it popped up but it was one of those 'let me scan your computer so I can find a fake virus and charge you to remove it' kinda pieces of crap. I'm familiar with them.